Bug #1293
closed
error when trying to view puppet certificates
Description
I'm getting this error when clicking on Settings -> Smart Proxies -> Certificates . It appears that the proxy is correctly invoking puppetca via sudo.
# rpm -qa | grep foreman foreman-0.4-0.1rc4.noarch foreman-proxy-0.3-0.1rc2.noarch foreman-release-1-1.noarch
The HTTP 500 error message that's returned:
The following error message was observed:
smart_proxy_puppetca_url failed to generate from {:action=>"update", :id=>#, :smart_proxy_id=>"1-ctrl", :controller=>"SmartProxies::Puppetca"}, expected: {:action=>"update", :controller=>"SmartProxies::Puppetca"}, diff: {:id=>#, :smart_proxy_id=>"1-ctrl"}
foreman production.log (IP/hostname's changed)
Processing SmartProxies::PuppetcaController#index (for 1.1.1.1 at 2011-11-02 12:01:29) [GET]
Parameters: {"smart_proxy_id"=>"1-ctrl"}
Rendering template within layouts/application
Rendering smart_proxies/puppetca/index
ActionView::TemplateError (smart_proxy_puppetca_url failed to generate from {:action=>"update", :id=>#<SmartProxies::PuppetCA:0x7f89d93198a8 @fingerprint="E9:27:4C:B1:96:7B:5F:B2:78:76:CC:81:7B:17:A1:1E", @smart_proxy_id=1, @name="ctrl.example.com ", @expires_at=nil, @valid_from=nil, @state="valid">, :smart_proxy_id=>"1-ctrl", :controller=>"SmartProxies::Puppetca"}, expected: {:action=>"update", :controller=>"SmartProxies::Puppetca"}, diff: {:id=>#<SmartProxies::PuppetCA:0x7f89d93198a8 @fingerprint="E9:27:4C:B1:96:7B:5F:B2:78:76:CC:81:7B:17:A1:1E", @smart_proxy_id=1, @name="ctrl.example.com ", @expires_at=nil, @valid_from=nil, @state="valid">, :smart_proxy_id=>"1-ctrl"}) on line #23 of app/views/smart_proxies/puppetca/index.html.erb:
20: <td><%= h cert.fingerprint %></td>
21: <td>
22: <%= display_link_if_authorized("Sign", hash_for_smart_proxy_puppetca_path(:smart_proxy_id => @proxy.to_param, :id => cert), :method => :put) if cert.state == "pending" %>
23: <%= display_link_if_authorized("Destroy", hash_for_smart_proxy_puppetca_path(:smart_proxy_id => @proxy.to_param, :id => cert), :confirm => 'Are you sure?', :method => :delete) if cert.state != "revoked" %>
24: </td>
25: </tr>
26: <% end -%>
app/helpers/application_helper.rb:105:in `display_link_if_authorized'
app/views/smart_proxies/puppetca/index.html.erb:23
app/views/smart_proxies/puppetca/index.html.erb:14:in `each'
app/views/smart_proxies/puppetca/index.html.erb:14
app/helpers/application_helper.rb:105:in `display_link_if_authorized'
app/views/smart_proxies/puppetca/index.html.erb:23
app/views/smart_proxies/puppetca/index.html.erb:14:in `each'
app/views/smart_proxies/puppetca/index.html.erb:14
Rendering template within layouts/application
Rendering common/500 (500)
[root@ctrl foreman]#
foreman-proxy proxy.log
D, [2011-11-02T12:01:29.999297 #1732] DEBUG -- : Found puppetca at /usr/sbin/puppetca D, [2011-11-02T12:01:29.999440 #1732] DEBUG -- : Found sudo at /usr/bin/sudo D, [2011-11-02T12:01:29.999493 #1732] DEBUG -- : Executing /usr/bin/sudo -S /usr/sbin/puppetca --list --all
sudo invocation in /var/log/secure
Nov 2 12:01:30 ctrl-27 sudo: foreman-proxy : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/puppetca --list --all
Updated by Andreas Ntaflos over 12 years ago
Same problem here on Ubuntu 10.04, using Foreman 0.4-~nightlybuild1320199902 and Smart Proxy 0.3-~nightlybuild1320199883, along with Puppet 2.7.6.
Invoking puppetca --list --all as user foreman via sudo apparently works fine, listing all certificates correctly. Can we do anything to help debug this?
Updated by Andreas Ntaflos over 12 years ago
I suppose the following error is related to the problems described above. I get this when trying to provision a new host (using Ubuntu, PXE and Preseed). Booting the installer works fine, the problem appears when the Debian installer tries to retrieve its specified preseed file (as in http://puppet.example.com/foreman/unattended/provision). This shows up as a 500 error to the client, while the Foreman production log shows this:
Processing UnattendedController#provision (for 10.59.1.133 at 2011-11-03 19:37:58) [GET] Found RISELANCCR01.rise-s.com **DEPRECATION WARNING*** Managing Puppet CA without a smart-proxy will not be supported in the next release **DEPRECATION WARNING*** Managing Puppet CA without a smart-proxy will not be supported in the next release Permission denied - /etc/puppet/autosign.conf /usr/lib/ruby/1.8/fileutils.rb:1033:in `initialize' /usr/lib/ruby/1.8/fileutils.rb:1033:in `open' /usr/lib/ruby/1.8/fileutils.rb:1033:in `touch' /usr/lib/ruby/1.8/fileutils.rb:1027:in `each' /usr/lib/ruby/1.8/fileutils.rb:1027:in `touch' /usr/share/foreman/vendor/plugins/proxy/lib/proxy.rb:131:in `sign' /usr/share/foreman/app/models/host.rb:210:in `handle_ca' /usr/share/foreman/app/controllers/unattended_controller.rb:141:in `handle_ca' Rendering common/500 (500)
Updated by Ohad Levy over 12 years ago
Does the following solves your issue?
diff --git a/app/views/smart_proxies/index.html.erb b/app/views/smart_proxies/index.html.erb
index 1c0d387..6a31a0e 100644
--- a/app/views/smart_proxies/index.html.erb
+++ b/app/views/smart_proxies/index.html.erb
@@ -17,7 +17,7 @@
<td><%=h proxy.features.to_sentence %></td>
<td class="ra">
<% if proxy.features.include? Feature.find_by_name("Puppet CA") -%>
- <%= display_link_if_authorized "Certificates | ", hash_for_smart_proxy_puppetca_index_path(:smart_proxy_id => proxy) %>
+ <%= display_link_if_authorized "Certificates | ", hash_for_smart_proxy_puppetca_index_path(:smart_proxy_id => proxy.to_param) %>
<%= display_link_if_authorized "Autosign | ", hash_for_smart_proxy_autosign_index_path(:smart_proxy_id => proxy) %>
<% end -%>
<% if SETTINGS[:unattended] and proxy.features.include? Feature.find_by_name("DHCP") -%>
Updated by Joshua Hoblitt over 12 years ago
The patch applied cleanly to 0.4-0.1rc4, restarted apache (running foreman under passenger), and it looks like we're still getting the same error:
The following error message was observed:
smart_proxy_puppetca_url failed to generate from {:action=>"update", :id=>#, :smart_proxy_id=>"1-ctrl", :controller=>"SmartProxies::Puppetca"}, expected: {:action=>"update", :controller=>"SmartProxies::Puppetca"}, diff: {:id=>#, :smart_proxy_id=>"1-ctrl"}
Updated by Ohad Levy over 12 years ago
how about ?
diff --git a/app/views/smart_proxies/puppetca/index.html.erb b/app/views/smart_proxies/puppetca/index.html.erb
index 90d625d..21037bb 100644
--- a/app/views/smart_proxies/puppetca/index.html.erb
+++ b/app/views/smart_proxies/puppetca/index.html.erb
@@ -19,8 +19,8 @@
<td><%= time_column cert.expires_at, :tense => :future %></td>
<td><%= h cert.fingerprint %></td>
<td>
- <%= display_link_if_authorized("Sign", hash_for_smart_proxy_puppetca_path(:smart_proxy_id => @proxy.to_param, :id => cert), :me
- <%= display_link_if_authorized("Destroy", hash_for_smart_proxy_puppetca_path(:smart_proxy_id => @proxy.to_param, :id => cert),
+ <%= display_link_if_authorized("Sign", hash_for_smart_proxy_puppetca_path(:smart_proxy_id => @proxy.to_param, :id => cert.to_pa
+ <%= display_link_if_authorized("Destroy", hash_for_smart_proxy_puppetca_path(:smart_proxy_id => @proxy.to_param, :id => cert.to
</td>
</tr>
<% end -%>
Updated by Greg Sutcliffe over 12 years ago
I'm also hitting this. Ohad, your patch looks malformed - the lines are truncated, so I can't test it. I can confirm that simply removing the Destroy link makes the page function again, although of course you cannot revoke certificates :)
Updated by Ohad Levy over 12 years ago
- Target version set to 1.0
Ok, how about?
diff --git a/app/models/smart_proxies/puppet_ca.rb b/app/models/smart_proxies/puppet_ca.rb
index c951904..ac68970 100644
--- a/app/models/smart_proxies/puppet_ca.rb
+++ b/app/models/smart_proxies/puppet_ca.rb
@@ -7,6 +7,7 @@ class SmartProxies::PuppetCA
def initialize opts
@name, @state, @fingerprint, @valid_from, @expires_at, @smart_proxy_id = opts.flatten
+ @name.strip!
@valid_from = Time.parse(@valid_from) unless @valid_from.blank?
@expires_at = Time.parse(@expires_at) unless @expires_at.blank?
end
Updated by Paul Mooring over 12 years ago
That change didn't fix it, but I'm having the same problem on a version from the yum repository, rpm -q says:
foreman-0.4-0.2.noarch
foreman-proxy-0.3-0.2.noarch
are the versions I'm running.
Updated by Greg Sutcliffe over 12 years ago
That results in "Cannot modify frozen string". Avoid editing the name object directly seems to work - e.g:
--- a/app/models/smart_proxies/puppet_ca.rb
+++ b/app/models/smart_proxies/puppet_ca.rb
@@ -20,7 +20,7 @@ class SmartProxies::PuppetCA
api = ProxyAPI::Puppetca.new({:url => proxy.url})
certs = api.all.map do |name, properties|
- new([name, properties['state'], properties['fingerprint'], properties["not_before"], properties["not_after"], proxy.id])
+ new([name.strip, properties['state'], properties['fingerprint'], properties["not_before"], properties["not_after"], proxy.id])
end.compact
# save our CA details for 5 seconds
Updated by Yun Zheng Hu over 12 years ago
Greg Sutcliffe wrote:
That results in "Cannot modify frozen string". Avoid editing the name object directly seems to work - e.g:
[...]
I can confirm that this works
Updated by Ohad Levy over 12 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
Applied in changeset 23b12ba7aea93e099e5c5d57361835d73323d6da.